Will 2025 be remembered as the year of the cyber attacks? The last few weeks have certainly been very turbulent. Today Jaguar Land Rover (JLR) has announced the restart of its production line after a month of shutdown following an attack costing an estimated £2 billion. Last month, major European airports, including Heathrow, were forced to ground flights following the attack against Collins Aerospace and separately the Kido nursery chain fell victim to a vile attack resulting in compromise of personal data and children’s profiles. In March and April three high street staples - Marks & Spencer, Co-op and Harrods - were all hit by the Scattered Spider ransomware attack, estimated to have cost those companies around £1 billion in lost revenue.

The data also indicates the threat is escalating: the government’s National Cyber Security Centre reported that in 2024 it issued double the number of attack notifications compared to the previous year. Meanwhile, the Joint Committee on National Security has warned that the UK now carries the unwelcome title of being one of the most attractive targets for global cyber attackers.

From a communications standpoint, the latest wave of cyber attacks shares a striking feature: hacker groups are no longer content to operate in the shadows. They’re seizing the spotlight using aggressive media tactics to shape the narrative and amplify the reputational fallout for their targets. It’s little wonder, then, that coverage of cyber attacks has evolved from niche tech reporting to front-page news.

When the group known as Scattered Lapsus$ breached JLR, it didn’t just exfiltrate data - it bragged about the exploit in real time, posting screenshots from inside the company’s IT systems to a Telegram channel followed by more than 50,000 people. Likewise, after Co-op initially assured the public that no customer data had been compromised in the April attack, the Scattered Spider group went on the offensive, sending screenshots directly to the BBC to challenge the company’s claims and force a rethink of its public messaging.

For business leaders, one thing is certain: when a cyberattack strikes, the crisis doesn’t unfold solely in the server room. While your expert teams work to contain the technical and operational fallout and recover systems, you’ll be fighting to maintain control of the narrative amid fast-moving developments and public scrutiny. And with governments and regulators signalling tougher expectations on businesses and their response to cyber attacks, communication with these government stakeholders will be just as critical - though perhaps different in tone and timing, particularly in the early stages of an incident.

To address this communications challenge, the only solution is for business leaders to routinely prepare and plan for such events through, for example, creation of communications playbooks and regular testing of incident response plans. As Marks and Spencer’s CEO Stuart Machin explained, “We did a simulation exercise last year. Because of that, I knew who to call. I had people on speed dial in case it happened.”

Importantly , such preparation is not just the sole responsibility of the IT or business continuity teams. Cyber security is a mainstream business risk akin to financial, legal or health and safety risks, and needs to be understood by Board members. As we face the uncertainty and unpredictability of an increasing cyber threat, planning and preparation can go a long way, as Richard Horne, CEO of the National Cyber Security Centre recognised in a recent speech; “We cannot control everything, but we must control the things that we can and be prepared for the things we can’t.”

If you would like support with your cyber communications response do get in touch: enquiries@cardewgroup.com